A strange bit of JavaScript has found its way onto Tunisian Internet users’ internet login screens. Some are now in jail in a country known for torture. But they’ve been adopted by an unlikely ally: Anonymous.

Massive riots and protests have rocked Tunisia this past month. After a 26-year-old street vendor named Mohammed Bouazizi attempted to kill himself by self-immolation (he survived and later died of his burns), hundreds of thousands took to the North African nation’s streets. The protesters complain of unemployment, economic woes, and an omnipresent dictatorship. Tunisia’s government has stumbled upon a new method of combating the protesters: hacking into their social media accounts.

According to a report by the Committee to Protect Journalists, the Tunisian government appears to be breaking into the Facebook, Google, and Yahoo accounts of dissidents and journalists. Hackers with unusual levels of access to Tunisia’s state-controlled network infrastructure have managed to gain access to Facebook accounts belonging to individuals such as journalists Sofiene Chourabi of al-Tariq al-Jadid (New Path; a newspaper affiliated with the opposition Movement Ettajdid party) and independent video journalist Haythem El Mekki, while gaining the passwords of others. Hack targets found that Facebook groups they founded were deleted, as were pictures of protests. In CPJ’s words, “Their accounts and pictures of recent protests have been deleted or otherwise compromised.” Blogs hosted on Blogspot and elsewhere are also being targeted. Here is an excerpt from a post by Lina Ben Mhenni of the A Tunisian Girl blog:

Well, I can understand … No I can’t understand that some stupid person has hacked my e-mail then, my Facebook account. This stupid person has also deleted some pages in which I am an administrator. Pages like that of 7ellblog (launch a blog) which has been largely promoted even by official media, the page of the Tunisian singer Amel Mathlouthi, Reading Books is Better than Staring at others (yes they hate reading and culture in my country), the Tunisian blogosphere, and may be a page against censorship ‘la censure nuit à l’image de mon pays’ (I don’t have the confirmation yet) and many other pages were deleted. What happened is so shameful because the internet police is again confirming its stupidity and useless stubbornness. Sofiene Chourabi and Azyz Amami are experiencing the same problem now. They have been hacked.

Already, in-depth information is surfacing on how the hacks were committed. It appears that the Agence tunisienne d’Internet, a government agency which supervises all of Tunisia’s ISPs, or someone with access to the agency, committed them. Tunisian ISPs are running a JavaScript snippet that siphons off login credentials from users of Facebook, Yahoo and Gmail. According to the Tech Herald’s Steve Ragan:

Daniel Crowley, Technical Specialist for Core Security, and Rapid7’s Josh Abraham, broke the code down further. Crowley explained that the JavaScript is customized for each site’s login form. It will pull the username and password, and encode it with a weak crypto algorithm. The newly encrypted data is placed into the URL, and a randomly generated five character key is added. The randomly generated key is meaningless, but it is assumed that it’s there to add a false sense of legitimacy to the URL. The random characters and encrypted user information are delivered in the form of a GET request to a non working URL.

The code only targeted users accessing HTTP sites instead of HTTPS, which appears to be why Facebook was so heavily ravaged by the hack plan. Facebook users default to using HTTP to access the site.
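Because the script is added to a login page in transit, the copy a user receives over HTTP differs from the copy the site actually serves. The following check is an added example, not code from the article or from the researchers quoted: it compares the inline scripts of a received page with a reference copy obtained over a trusted channel and reports anything extra. The page URL, the HTML samples and the function names are constructed for illustration.

```javascript
// Constructed reference copy of a login page (as the site itself serves it).
const REFERENCE_HTML = `
<html><body>
<form id="login" action="/login" method="post">
  <input name="email"><input name="pass" type="password">
</form>
<script>initLoginForm();</script>
<script src="/static/app.js"></script>
</body></html>`;

// Constructed copy as received over HTTP: one extra inline script, a harmless stand-in.
const RECEIVED_HTML = REFERENCE_HTML.replace(
  "</body>",
  "<script>/* constructed stand-in for injected code */ hook(document.forms[0].pass);</script></body>"
);

// Return the trimmed bodies of all inline <script> elements (those without src).
function inlineScripts(html) {
  const found = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const body = m[2].trim();
    if (!/\bsrc\s*=/i.test(m[1]) && body.length > 0) found.push(body);
  }
  return found;
}

// Report whether the page travelled over plain HTTP and which inline scripts
// appear in the received copy but not in the reference copy.
function auditLoginPage(pageUrl, referenceHtml, receivedHtml) {
  const known = new Set(inlineScripts(referenceHtml));
  const unexpectedScripts = inlineScripts(receivedHtml)
    .filter((body) => !known.has(body))
    .map((body) => ({
      body,
      // Heuristic: does the unknown script reference a password field?
      readsPassword: /\.pass(word|wd)?\b|type\s*=\s*["']?password/i.test(body),
    }));
  return { servedOverHttp: /^http:\/\//i.test(pageUrl), unexpectedScripts };
}

console.log(auditLoginPage("http://login.example.test/", REFERENCE_HTML, RECEIVED_HTML));
```

An exact-match comparison like this only works for pages whose inline scripts are static; serving the login page over HTTPS removes the injection point altogether.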

Much of this information has been released to the public by the quasi-4Chan allied Anonymous group, which has launched an anti-Tunisian government hacker campaign called Operation: Tunisia.

The Agence tunisienne d’Internet has long been one of the most censorship-happy government agencies in all of Africa. Tunisia’s net firewalls and intricate IP tracking mechanisms have been compared to China’s, while popular sites like YouTube and DailyMotion were banned due to hosting videos alleging human rights abuses in Tunisian prisons. In one of the WikiLeaks cables on Tunisia, an anonymous diplomat notes endemic government corruption and refers to the government of President-for-life Zine al-Abidine Ben Ali as a “quasi-mafia” and a “police state.”

While Facebook, Google and Yahoo have not spoken publicly on the alleged Tunisian government hacking campaign yet, the State Department has. In a press conference on Friday, January 7, spokesperson Philip Crowley stated:

We are concerned about recent reports that Tunisian ISP providers, at the direction of the government, hacked into the accounts of Tunisian users of American companies including Facebook, and providers of email such as Yahoo and Google, and stealing passwords. This kind of interference threatens the ability of civil society to realize the benefits of new technologies. Cyber intrusions of all kinds, including reported attacks on government of Tunisia websites, disrupt the free flow of information and reduce overall confidence in the reliability and security of vital information networks.